Store certificate chains in the application keychain

In iOS, I know that we can evaluate trust with SecTrustEvaluate(). To create a trust object, we either import it from a *.p12 file or create it from an array of certificates and a set of policies.

I also know that to make a server that is not trusted by default trusted, we can use SecTrustSetAnchorCertificates() to extend the list of root CAs that SecTrustEvaluate() uses to verify the server certificate.

Now, how can I guarantee that these anchor certificates are available on subsequent launches? I can store certificates, keys and identities in the application keychain, but not the certificate chain. Even if I save all the certificates in the chain, how do I know which certificates should be used as anchor certificates?

One solution that comes to mind is simply to get all the certificates from the keychain and install them as anchor certificates. Another approach would be to store all certificate chains on disk as *.p12 files and load them every time the application starts.
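One way to persist the anchors across launches and still know which stored certificates are anchors, as an added Swift example (this is not code from the question or from eskimo1's answer): tag each anchor with a dedicated keychain label when storing it, query by that label when the app starts, and pass the result to SecTrustSetAnchorCertificates() before evaluating. The label string `com.example.app.custom-anchors` is an assumption, and SecTrustEvaluateWithError() is used as the current replacement for the SecTrustEvaluate() the question mentions.

```swift
import Foundation
import Security

// Assumed label used only to tag our own anchor certificates in the app keychain.
// Any certificate carrying this label is treated as an anchor; nothing else is.
let anchorLabel = "com.example.app.custom-anchors"

/// Store a DER-encoded CA certificate in the app keychain, tagged as an anchor.
/// Returns errSecSuccess when the item is stored or was already present.
func storeAnchor(derData: Data) -> OSStatus {
    guard let cert = SecCertificateCreateWithData(nil, derData as CFData) else {
        return errSecDecode  // not a parseable DER certificate
    }
    let item: [String: Any] = [
        kSecClass as String: kSecClassCertificate,
        kSecValueRef as String: cert,
        kSecAttrLabel as String: anchorLabel,
    ]
    let status = SecItemAdd(item as CFDictionary, nil)
    return status == errSecDuplicateItem ? errSecSuccess : status
}

/// Load every certificate carrying our anchor label from the keychain.
func loadAnchors() -> [SecCertificate] {
    let query: [String: Any] = [
        kSecClass as String: kSecClassCertificate,
        kSecAttrLabel as String: anchorLabel,
        kSecMatchLimit as String: kSecMatchLimitAll,
        kSecReturnRef as String: true,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess, let certs = result as? [SecCertificate] else {
        return []  // errSecItemNotFound or a real error: no anchors available
    }
    return certs
}

/// Evaluate a server trust object against our stored anchors only.
/// Returns false when no anchors are stored, so a missing keychain entry
/// fails closed instead of silently falling back to the system roots.
func evaluate(serverTrust: SecTrust) -> Bool {
    let anchors = loadAnchors()
    guard !anchors.isEmpty else { return false }
    SecTrustSetAnchorCertificates(serverTrust, anchors as CFArray)
    // Only our anchors count; do not also accept the built-in system roots.
    SecTrustSetAnchorCertificatesOnly(serverTrust, true)
    var error: CFError?
    return SecTrustEvaluateWithError(serverTrust, &error)
}

/// Example hook for a URLSession delegate's server-trust challenge.
func handle(challenge: URLAuthenticationChallenge,
            completion: (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
          let trust = challenge.protectionSpace.serverTrust else {
        completion(.performDefaultHandling, nil)
        return
    }
    if evaluate(serverTrust: trust) {
        completion(.useCredential, URLCredential(trust: trust))
    } else {
        completion(.cancelAuthenticationChallenge, nil)
    }
}
```

The label is what answers the "which ones are anchors" part of the question: iOS has no per-app trust-settings API, so the keychain cannot itself record that a certificate is trusted as a root, and the app has to carry that marker. Storing the certificates in the keychain rather than as *.p12 files on disk also avoids keeping a password-protected bundle (and its password) in the app's file system just to reload public certificates.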

1 answer

eskimo1 from Apple Devforums responded like this:

, . , ( SecCertificateRef, SecCertificateCreateWithData).

-, .p12, , . .p12 , .

, , ( ).


Source: https://habr.com/ru/post/1784759/
